CVE-2023-46380

Last Updated: March 29, 2024

CVE-2023-46380

Loytec L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels Cleartext Transmission of Sensitive Information Vulnerability

Publication Date: 2023-11-03

Severity Level: High

Affected Vendor

LOYTEC electronics GmbH

Affected Products and Versions

LINX-212 firmware 6.2.4
LVIS-3ME12-A1 firmware 6.2.2
LIOB-586 firmware 6.2.3

Description

Password change request on the web interface on LOYTEC devices is sent in clear text over HTTP, and this allows information theft and account takeover via network sniffing.

Solutions & Rules

N/A

Credit

Chizuru Toyama of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

psirt@txone.com

← Back to PSIRT